Skip to content

Comments

Add mount namespace support 添加挂载命名空间支持#2909

Merged
5ec1cff merged 20 commits intotiann:mainfrom
u9521:main
Dec 15, 2025
Merged

Add mount namespace support 添加挂载命名空间支持#2909
5ec1cff merged 20 commits intotiann:mainfrom
u9521:main

Conversation

@u9521
Copy link
Contributor

@u9521 u9521 commented Nov 10, 2025

tested on nx769j android14-6.1 kernel , terminal app is termux

inherit mode

kerenlsu default behavior

global mode

~ $ ls -l /proc/self/ns/ | sed -E 's/.*[0-9]{2}:[0-9]{2} //g'
total 0
cgroup -> cgroup:[4026531835]
mnt -> mnt:[4026535508]
net -> net:[4026531840]
time -> time:[4026531834]
time_for_children -> time:[4026531834]
uts -> uts:[4026531838]
~ $ su
:/ # ls -l /proc/self/ns/ | sed -E 's/.*[0-9]{2}:[0-9]{2} //g'
total 0
cgroup -> cgroup:[4026531835]
mnt -> mnt:[4026532634]
net -> net:[4026531840]
time -> time:[4026531834]
time_for_children -> time:[4026531834]
uts -> uts:[4026531838]
:/ # ls -l /proc/1/ns/ | sed -E 's/.*[0-9]{2}:[0-9]{2} //g'
total 0
cgroup -> cgroup:[4026531835]
mnt -> mnt:[4026532634]
net -> net:[4026531840]
time -> time:[4026531834]
time_for_children -> time:[4026531834]
uts -> uts:[4026531838]
:/ # mount -t debugfs none /sys/kernel/debug
now we can see /d/ mount on every process
:/ # umount /sys/kernel/debug

independent mode

~ $  ls -l /proc/self/ns/ | sed -E 's/.*[0-9]{2}:[0-9]{2} //g'
total 0
cgroup -> cgroup:[4026531835]
mnt -> mnt:[4026535510]
net -> net:[4026531840]
time -> time:[4026531834]
time_for_children -> time:[4026531834]
uts -> uts:[4026531838]
~ $ su
# ls -l /proc/self/ns/ | sed -E 's/.*[0-9]{2}:[0-9]{2} //g'
total 0
cgroup -> cgroup:[4026531835]
mnt -> mnt:[4026535516]
net -> net:[4026531840]
time -> time:[4026531834]
time_for_children -> time:[4026531834]
uts -> uts:[4026531838]
ls -l /proc/1/ns/ | sed -E 's/.*[0-9]{2}:[0-9]{2} //g'
total 0
cgroup -> cgroup:[4026531835]
mnt -> mnt:[4026532634]
net -> net:[4026531840]
time -> time:[4026531834]
time_for_children -> time:[4026531834]
uts -> uts:[4026531838]
~ $ su
:/data/data/com.termux/files/home # mount -t debugfs none /sys/kernel/debug
:/data/data/com.termux/files/home # ls /sys/kernel/debug
88e3000.hsphy
......
:/data/data/com.termux/files/home # ^D
~ $ ls -l /sys/kernel/debug/
total 0
~ $

backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 11, 2025
@u9521 @backslashxx
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
a14fc9b
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 11, 2025
@u9521 @backslashxx
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
d53a1b7
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 11, 2025
@u9521 @backslashxx
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
9d63681
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 11, 2025
@u9521 @backslashxx
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
cb497db
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 11, 2025
@u9521 @backslashxx
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
e5139bb
@u9521 u9521 force-pushed the main branch 2 times, most recently from f1d0616 to 6139570 Compare November 13, 2025 11:45
@tiann
Copy link
Owner

tiann commented Nov 14, 2025

I think this feature is excellent, but the implementation is somewhat tricky and may be difficult to maintain. Is there a simpler or more sustainable way to achieve this?

@u9521
Copy link
Contributor Author

u9521 commented Nov 14, 2025

I think this feature is excellent, but the implementation is somewhat tricky and may be difficult to maintain. Is there a simpler or more sustainable way to achieve this?

setns系统调用的实现代码
https://elixir.bootlin.com/linux/v6.17/source/kernel/nsproxy.c#L536
有很多函数像prepare_nsset(flags, &nsset);的实现都是在nsproxy.c内部定义的,调用不了,内核也没有提供像ksys_setns之类的东西,想不到除了直接利用导出符号调用这个系统调用的办法,或者全部手动实现一遍

Implementation code of the setns system call
https://elixir.bootlin.com/linux/v6.17/source/kernel/nsproxy.c#L536
Many functions like prepare_nsset(flags, &nsset); are defined internally within nsproxy.c and cannot be called directly. The kernel also doesn't provide anything like ksys_setns. Can't think of any solution besides directly using exported symbols to call this system call, or manually implementing everything from scratch

backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 14, 2025
@u9521 @backslashxx
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
c9a0f97
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 14, 2025
@backslashxx
we can call syscalls as-is pre 4.17
a005f4f 
we also have weak close_fd here already.

tiann#2909
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 15, 2025
@u9521 @backslashxx
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
65b8728
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 15, 2025
@backslashxx
we can call syscalls as-is pre 4.17
ece66ea 
we also have weak close_fd here already.

tiann#2909
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 15, 2025
@u9521 @backslashxx
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
d3d9298
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 15, 2025
@backslashxx
we can call syscalls as-is pre 4.17
af78630 
we also have weak close_fd here already.

tiann#2909
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 20, 2025
@u9521 @backslashxx
manager: bring back namespace config in app profiles (tiann#2909)
6e9b213
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 20, 2025
@u9521 @backslashxx
kernel: add support change mount namespace with app profile (tiann#2909)
9bd0453
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 20, 2025
@u9521 @backslashxx
manager: bring back namespace config in app profiles (tiann#2909)
90b6efa
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 20, 2025
@u9521 @backslashxx
kernel: add support change mount namespace with app profile (tiann#2909)
c9e4559
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 20, 2025
@u9521 @backslashxx
manager: bring back namespace config in app profiles (tiann#2909)
f11bc5c
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 20, 2025
@u9521 @backslashxx
kernel: add support change mount namespace with app profile (tiann#2909)
82610e7
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 21, 2025
@u9521 @backslashxx
manager: bring back namespace config in app profiles (tiann#2909)
9570e02
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 21, 2025
@u9521 @backslashxx
kernel: add support change mount namespace with app profile (tiann#2909)
6e9a36e
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 21, 2025
@u9521 @backslashxx
kernel: add support change mount namespace with app profile (tiann#2909)
271e0be
backslashxx pushed a commit to backslashxx/KernelSU that referenced this pull request Nov 21, 2025
@u9521 @backslashxx
kernel: add support change mount namespace with app profile (tiann#2909)
a7804b5
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 21, 2025
@backslashxx
KernelSU v2.1.2+
abf8a19 
Changes on top of upstream (+69):
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager:  failure mode dummy demo
	manager: unofficial build
	manager: Add ABI and Kernel archirecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	kernel: remove unsupportable code
	kernel: restore compat code required for old kernels
	kernel: compat: remove ksu_android_ns_fs_check
	Reapply: "Handle unmount for isolated process correctly (tiann#2696)"
	kernel: core_hook: backport ksu_enhanced_security rules
	kernel: add support change mount namespace with app profile (tiann#2909)
	kernel: core_hook: disable seccomp for allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: expose allowlist workaround as Kconfig option
	kernel: app_profile: shim escape_with_root_profile
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat toggle support for manual hooks (tiann#2506)
	kernel: sucompat: use seccomp.mode for permission check
	kernel: app_profile: do not disable seccomp again
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags (user) ultimatum hook
	kernel: sucompat: provide getname_flags (kernel) ultimatum hook
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: kp_ksud: add security_bounded_transition hook for < 4.14 (tiann#1704)
	kernel: kp_ksud: add sys_reboot kp hook
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: base implementation of avc log spoofing
	kernel: extras/avc_spoof: add kprobe support
	kernel: extras: add avc spoof to feature
	kernel/extra: replace sensitive context with priv_app
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: Makefile: remove overlayfs requirement
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: add strscpy pseudo-compat for < 4.3
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide weak anon_inode_getfd_secure for < 5.12
	kernel: compat: provide selinux_inode wrapper for < 5.1
	kernel: compat: provide selinux_cred wrapper for < 5.1
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux: fix wrong return type
	KernelSU v2.1.2+

Warning: Managers built from this repo has a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Nov 22, 2025
@backslashxx
KernelSU v2.1.2+
5490af7 
Changes on top of upstream (+69):
	workflows: debloat
	workflows: debloat pt. 2
	dummy.keystore
	ksud: add armeabi-v7a support
	manager:  failure mode dummy demo
	manager: unofficial build
	manager: Add ABI and Kernel archirecture info into InfoCardItem
	ksud: prevent 32-on-64 pointer mismatches on sepolicy
	ksud: add avc spoof to feature
	kernel: remove unsupportable code
	kernel: restore compat code required for old kernels
	kernel: compat: remove ksu_android_ns_fs_check
	Reapply: "Handle unmount for isolated process correctly (tiann#2696)"
	kernel: core_hook: backport ksu_enhanced_security rules
	kernel: add support change mount namespace with app profile (tiann#2909)
	kernel: core_hook: disable seccomp for allowed uids
	kernel: supercalls: provide sys_reboot handler
	kernel: supercalls: backport: "Use task work to install fd"
	kernel: supercalls: partial backport of do_manage_mark
	kernel: selinux: force sepol_data.sepol to be u64
	kernel: core_hook: screw path_umount backport, call sys_umount directly
	kernel: throne_tracker: offload to kthread (tiann#2632)
	kernel: ksud: migrate ksud execution to security_bprm_check (tiann#2653)
	kernel: core_hook: migrate init_session_keyring grab to security_bprm_check
	kernel: expose allowlist workaround as Kconfig option
	kernel: app_profile: shim escape_with_root_profile
	kernel: allowlist: escape persistent_allow_list to kthread
	kernel: sucompat: increase reliability, commonize and micro-optimize (tiann#2656)
	kernel: sucompat: sucompat toggle support for manual hooks (tiann#2506)
	kernel: sucompat: use seccomp.mode for permission check
	kernel: app_profile: do not disable seccomp again
	kernel: expose KSU_LSM_SECURITY_HOOKS on Kconfig
	kernel: sucompat: provide do_execve_common handler for < 3.14
	kernel: sucompat: provide getname_flags (user) ultimatum hook
	kernel: sucompat: provide getname_flags (kernel) ultimatum hook
	kernel: file_wrapper: handle more compat
	kernel: file_wrapper: handle readdir and iterate compat for UL
	kernel: ksud: provide is_ksu_transition check v4
	kernel: kp_ksud: restore kprobes for early-boot and used-once hooks
	kernel: kp_ksud: add security_bounded_transition hook for < 4.14 (tiann#1704)
	kernel: kp_ksud: add sys_reboot kp hook
	kernel: rp_sucompat: add kretprobes-hooked getname_flags for sucompat
	kernel: extras: base implementation of avc log spoofing
	kernel: extras/avc_spoof: add kprobe support
	kernel: extras: add avc spoof to feature
	kernel/extra: replace sensitive context with priv_app
	kernel: apk_sign: casting to char for strcmp -> memcmp
	kernel: apk_sign: migrate generic_file_llseek -> vfs_llseek
	kernel: core_hook: no ext4_unregister_sysfs, no problem
	kernel: ksud: d_is_reg to S_ISREG
	kernel: Makefile: remove overlayfs requirement
	kernel: throne_tracker: resolve s_magic for < 3.9
	kernel: ksud: handle conditional read_iter requirement for < 3.16
	kernel: throne_tracker: handle filldir_t ABI mismatch on <= 3.18
	kernel: compat: iterate_dir -> vfs_readdir compat for < 3.11
	kernel: sucompat: bruteforce writeable stack from start_stack for < 3.8
	kernel: compat: provide bin2hex compat for < 3.18
	kernel: compat: add strscpy pseudo-compat for < 4.3
	kernel: compat: file_inode compat for < 3.9
	kernel: compat: provide weak anon_inode_getfd_secure for < 5.12
	kernel: compat: provide selinux_inode wrapper for < 5.1
	kernel: compat: provide selinux_cred wrapper for < 5.1
	kernel: apk_sign: fix return check for ksu_sha256
	kernel: handle backports
	kernel: apk_sign: add more size/hash pairs
	kernel: ksu: printout quirks / backports / etc on init
	kernel: scripts: kuid_ul_fix: add small script as helper
	kernel: selinux: fix wrong return type
	KernelSU v2.1.2+

Warning: Managers built from this repo has a known keystore.
See dummy.keystore.

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Jan 24, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
324a1e2 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Jan 26, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
8e86b40 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Jan 26, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
81df429 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
RapliVx pushed a commit to RapliVx/KernelSU that referenced this pull request Jan 26, 2026
@u9521 @AlexLiuDev233
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
865f77d
RapliVx pushed a commit to RapliVx/KernelSU that referenced this pull request Jan 26, 2026
@pershoot @RapliVx
kernel (susfs (v2.0.0)): Introduce SuSFS
403492d 
-Cherry-picked and squashed from:
 https://github.com/pershoot/KernelSU-Next/tree/dev-susfs

.....

kernel (susfs (v2.0.0)): Synced with official KernelSU main repo

Author: simonpunk <[email protected]>
Date:   Mon Dec 15 20:03:01 2025 +0800

- See tiann@c95c2d7

-Makefile -> Kbuild (build-time info.)
-Accommodate:
 'Add mount namespace support 添加挂载命名空间支持 (tiann#2909)'
 'kernel: fix root_groups defs (tiann#3028)'
 'sulogv2'
 'kernel, ksud, manager: Remove enhanced security feature'
 (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits)
 'Explicitly check zygote start in execve hook'
 'selinux: Cache SID lookups for domain checks'
 'kernel: ksud: Refine rc injection'
 'kernel: supercalls: expose spoof uname function to userspace'

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Let ksud bootstrap

Author: pershoot <[email protected]>
Date:   Mon Dec 29 21:36:12 2025 -0500

-Do not short-circuit; this will cause loss of root if this returns
 early (like on my / few specific device(s)) due to timing differences
 during init.

kernel (susfs (v2.0.0)): Fixed ksu features not enabled and ksu fd not released

Author: simonpunk <[email protected]>
Date:   Wed Dec 17 00:16:34 2025 +0800

-Synced with official KernelSU main repo

- See tiann@91ed4ea

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

KernelSU (susfs (v2.0.0)): Fixed compile error

Author: simonpunk <[email protected]>
Date:   Sun Dec 21 01:30:55 2025 +0800

-Synced with official KernelSU main repo

- See tiann@3d73f89

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Synchronize with upstream

Author: pershoot <[email protected]>
Date:   Tue Dec 30 06:39:56 2025 -0500

-'kernel (susfs (v2.0.0)): Let ksud bootstrap' ->
 'KernelSU: Fixed root not accessible on some Samsung devices and AOSP devices'
 -Init. call at end; amend / add comments

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

KernelSU (susfs (v2.0.0)): Fixed selinux issues by the fix from upstream

Author: simonpunk <[email protected]>
Date:   Wed Dec 31 09:05:32 2025 +0800

-Remove ksu_enhanced_security_enabled check in ksu_handle_setresuid()
 since it may lead to side channel detection

- For selinux issues,
  see tiann@f71d011

- For ksu_enhanced_security_enabled issue,
  Now no matter what value is set for the toggle "Enable enhanced security" in ksu manager,
  it will NOT be effective nor used to check in ksu_handle_setresuid()

-Note: This was partially taken care of in:
       'kernel (susfs (v2.0.0)): Synced with official KernelSU main repo'
       coinciding with:
       'kernel, ksud, manager: Remove enhanced security feature'
       (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits)

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel & KernelSU (susfs (v2.0.0)): Added newfstatat syscall hook for handling latest Android Canary

Author: simonpunk <[email protected]>
Date:   Sun Jan 11 21:48:35 2026 +0800

-Sycned with official KernelSU main repo

- See tiann@df64091

-Note: Some of this was taken care of in:
       'kernel (susfs (v2.0.0)): Synced with official KernelSU main repo'
       to coincide with:
       'kernel: ksud: Refine rc injection, fix issue of Android Canary 2601'

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Fix stat issue when injecting to init.rc for latest Android Canary and qpr3 beta2

Author: simonpunk <[email protected]>
Date:   Sat Jan 17 21:38:43 2026 +0800

- Sorry for my blinded eyes again since I did not read the references by the upstream fix carefully, it should hook fstat instead of newfstatat, and by hooking vfs_fstat we do not need to care which syscall family it uses

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Refined and renamed hide_sus_mnts_for_all_procs to hide_sus_mnts_for_non_su_procs

Author: simonpunk <[email protected]>
Date:   Tue Jan 20 11:53:55 2026 +0800

- There is no good reason to even hide the sus mounts for su process at all and it makes ReZygisk not able to determine what to umount.

- Now it can prevent zygote itself from caching the sus mounts while at the same time ReZyisk can still see them simply because the job is done by its daemon process which is running with su context.

- So now the scenarios become like this:
      1. No Zygisk enabled / ReZygisk enabled but without TreatWheel module => Enable hide_sus_mnts_for_non_su_procs in post-fs-data.sh, then disable hide_sus_mnts_for_non_su_procs in boot-completed.sh or leave it enabled.
      2. [Zygisk Next|Rezygisk + TreatWheel|NeoZygisk] enabled => No need to enable/disable hide_sus_mnts_for_non_su_procs since they can handle traces left by zygote already.

** Friendly reminder **
- It is suggested to disable hide_sus_mnts_for_non_su_procs in boot-completed.sh since having it enabled will cause a bit more overheads unless there are sus mounts you do not want them to be umounted but do want them to be just hidden from proc mounts.

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

KernelSU (susfs (v2.0.0)): Remove duplicated log and changed to a proper log message

Author: simonpunk <[email protected]>
Date:   Wed Jan 21 12:56:39 2026 +0800

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 2, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
146469b 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 2, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
27a3d1e 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 3, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
a6e1c08 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 3, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
edab269 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 3, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
ddaa027 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 3, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
6a29213 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 4, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
52ef7f4 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 4, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
1c9f02a 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 4, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
811b4ca 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 5, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
631b7d2 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 6, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
06d4908 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 8, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
f84590a 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 8, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
29b9f94 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 8, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
d044fdd 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 8, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
06f0e7d 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 9, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
7ed8738 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 9, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
9cc2877 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 10, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
8d2866b 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 10, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
9fc4e4c 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 11, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
12fb4da 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
selfmusing pushed a commit to selfmusing/USlenreK that referenced this pull request Feb 11, 2026
@backslashxx @selfmusing
kernel: adapt "namespace support" feature to old kernels
a6caf9b 
TODO: add comments

devlog and shit
backslashxx@6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

backslashxx@7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
LeCmnGend pushed a commit to LeCmnGend/KernelSU that referenced this pull request Feb 23, 2026
@u9521 @rifsxd
Add mount namespace support 添加挂载命名空间支持 (tiann#2909)
8490b46
LeCmnGend pushed a commit to LeCmnGend/KernelSU that referenced this pull request Feb 23, 2026
@pershoot
kernel (susfs (v2.0.0)): Introduce SuSFS
350524a 
-Cherry-picked and squashed from:
 https://github.com/pershoot/KernelSU-Next/tree/dev-susfs

.....

kernel (susfs (v2.0.0)): Synced with official KernelSU main repo

Author: simonpunk <[email protected]>
Date:   Mon Dec 15 20:03:01 2025 +0800

- See tiann@c95c2d7

-Makefile -> Kbuild (build-time info.)
-Accommodate:
 'Add mount namespace support 添加挂载命名空间支持 (tiann#2909)'
 'kernel: fix root_groups defs (tiann#3028)'
 'sulogv2'
 'kernel, ksud, manager: Remove enhanced security feature'
 (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits)
 'Explicitly check zygote start in execve hook'
 'selinux: Cache SID lookups for domain checks'
 'kernel: ksud: Refine rc injection'
 'kernel: supercalls: expose spoof uname function to userspace'
 'kernel: Fix setup_selinux using __task_cred directly'

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Let ksud bootstrap

Author: pershoot <[email protected]>
Date:   Mon Dec 29 21:36:12 2025 -0500

-Do not short-circuit; this will cause loss of root if this returns
 early (like on my / few specific device(s)) due to timing differences
 during init.

kernel (susfs (v2.0.0)): Fixed ksu features not enabled and ksu fd not released

Author: simonpunk <[email protected]>
Date:   Wed Dec 17 00:16:34 2025 +0800

-Synced with official KernelSU main repo

- See tiann@91ed4ea

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

KernelSU (susfs (v2.0.0)): Fixed compile error

Author: simonpunk <[email protected]>
Date:   Sun Dec 21 01:30:55 2025 +0800

-Synced with official KernelSU main repo

- See tiann@3d73f89

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Synchronize with upstream

Author: pershoot <[email protected]>
Date:   Tue Dec 30 06:39:56 2025 -0500

-'kernel (susfs (v2.0.0)): Let ksud bootstrap' ->
 'KernelSU: Fixed root not accessible on some Samsung devices and AOSP devices'
 -Init. call at end; amend / add comments

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

KernelSU (susfs (v2.0.0)): Fixed selinux issues by the fix from upstream

Author: simonpunk <[email protected]>
Date:   Wed Dec 31 09:05:32 2025 +0800

-Remove ksu_enhanced_security_enabled check in ksu_handle_setresuid()
 since it may lead to side channel detection

- For selinux issues,
  see tiann@f71d011

- For ksu_enhanced_security_enabled issue,
  Now no matter what value is set for the toggle "Enable enhanced security" in ksu manager,
  it will NOT be effective nor used to check in ksu_handle_setresuid()

-Note: This was partially taken care of in:
       'kernel (susfs (v2.0.0)): Synced with official KernelSU main repo'
       coinciding with:
       'kernel, ksud, manager: Remove enhanced security feature'
       (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits)

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel & KernelSU (susfs (v2.0.0)): Added newfstatat syscall hook for handling latest Android Canary

Author: simonpunk <[email protected]>
Date:   Sun Jan 11 21:48:35 2026 +0800

-Sycned with official KernelSU main repo

- See tiann@df64091

-Note: Some of this was taken care of in:
       'kernel (susfs (v2.0.0)): Synced with official KernelSU main repo'
       to coincide with:
       'kernel: ksud: Refine rc injection, fix issue of Android Canary 2601'

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Fix stat issue when injecting to init.rc for latest Android Canary and qpr3 beta2

Author: simonpunk <[email protected]>
Date:   Sat Jan 17 21:38:43 2026 +0800

- Sorry for my blinded eyes again since I did not read the references by the upstream fix carefully, it should hook fstat instead of newfstatat, and by hooking vfs_fstat we do not need to care which syscall family it uses

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Refined and renamed hide_sus_mnts_for_all_procs to hide_sus_mnts_for_non_su_procs

Author: simonpunk <[email protected]>
Date:   Tue Jan 20 11:53:55 2026 +0800

- There is no good reason to even hide the sus mounts for su process at all and it makes ReZygisk not able to determine what to umount.

- Now it can prevent zygote itself from caching the sus mounts while at the same time ReZyisk can still see them simply because the job is done by its daemon process which is running with su context.

- So now the scenarios become like this:
      1. No Zygisk enabled / ReZygisk enabled but without TreatWheel module => Enable hide_sus_mnts_for_non_su_procs in post-fs-data.sh, then disable hide_sus_mnts_for_non_su_procs in boot-completed.sh or leave it enabled.
      2. [Zygisk Next|Rezygisk + TreatWheel|NeoZygisk] enabled => No need to enable/disable hide_sus_mnts_for_non_su_procs since they can handle traces left by zygote already.

** Friendly reminder **
- It is suggested to disable hide_sus_mnts_for_non_su_procs in boot-completed.sh since having it enabled will cause a bit more overheads unless there are sus mounts you do not want them to be umounted but do want them to be just hidden from proc mounts.

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

KernelSU (susfs (v2.0.0)): Remove duplicated log and changed to a proper log message

Author: simonpunk <[email protected]>
Date:   Wed Jan 21 12:56:39 2026 +0800

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel & KernelSU (susfs (v2.0.0)): Replaced susfs_is_boot_completed_triggered with susfs_is_sdcard_android_data_decrypted

Author: simonpunk <[email protected]>
Date:   Mon Feb 2 14:13:08 2026 +0800

-Sync with the official KernelSU main repo

- 1st scene: There will be still some processes spawned by init after /data is decrypted, these processes will still go through the sucompat checks which takes more CPU cycle.

  2nd scene: There can be some mounts mounted after /data is decrypted like yt rvx module, these mounts will leave a mnt_id gap or mnt_group_id gap if it is not a bind mount.

  So to mark no sucompat checks for all init spawned processes, and to capture the ksu mounts and leave no mnt_id/mnt_group_id gaps as much as possible, here we start a kthread after boot-completed stage to keep monitoring the accessbility of path /sdcard/Android/data in loop per 5 seconds with maximum 60 attempts. When it is accessible, we sleep for 5 more seconds just in case there are still some modules mounting stuff. On the contrary, the path will still be deemed as accessible after 60 failed attempts just to prevent infinite loop

- For upstream commit, see tiann@35d8162

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1

kernel (susfs (v2.0.0)): Various fixes for SUS_PATH and SUS_MOUNT

-plus overall code improvement and optimization

Author: simonpunk <[email protected]>
Date:   Sat Feb 14 01:06:42 2026 +0800

- Remove the need of flagging /sdcard or /sdcard/Android/data, so we can just do "ksu_susfs add_sus_path </sdcard/TWRP|/sdcard/Android/data/com.example.myapp" for example. To completely prevent unicode exploit users can pick up the patches from here if needed: https://github.com/WildKernels/kernel_patches/blob/main/common/unicode_bypass_fix_6.1%2B.patch / https://github.com/WildKernels/kernel_patches/blob/main/common/unicode_bypass_fix_6.1-.patch

- To deal with FUSE based path, first we check for the inode->i_sb->s_magic, if its magic is FUSE, then we use get_fuse_inode(inode) API to retrieve its fuse inode and flag SUS_PATH on fi->i_mapping->flags.

- Remove overall overheads as we can now get rid of linked list to check for sus path in "/sdcard" and "/sdcard/Android/data", however, for add_sus_path_loop we still need it. But we can consider to use userspace inotify to watch specific paths and pass list of paths to add_sus_path when needed, that will reduce the overheads of iterating the SUS_PATH_LOOP linked list every time zygote spawns a new process.

- Apply only on proc with uid >= 10000 and marked umounted.

- Fixed deadlock and race issues, see 4803afa7 and 068ebeb3

- d_lookup(), __d_lookup() and __d_lookup_rcu() will just return NULL if no dcache is found, so we can just dput() the dentry and set it to NULL, no need to do extra lookup with fake qstr.

- Use d_lookup_done(dentry) to make sure "dentry->d_flags &= ~DCACHE_PAR_LOOKUP" and "dentry->d_wait = NULL" if it is found sus, and re-use DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);

- Fix several race issues by using proper locks:
  down_read(&namespace_sem); // needed when manipulating mnt_namespace
  lock_ns_list(mnt_ns); // needed when traversing mnt_ns->list
  lock_mount_hash(); // needed when modifying mount

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
LeCmnGend pushed a commit to LeCmnGend/KernelSU that referenced this pull request Feb 23, 2026
@simonpunk @LeCmnGend
kernel (susfs (v2.0.0)): Synced with official KernelSU main repo
8796414 
- See tiann@c95c2d7

-Makefile -> Kbuild (build-time info.)
-Accommodate:
 'Add mount namespace support 添加挂载命名空间支持 (tiann#2909)'
 'kernel: fix root_groups defs (tiann#3028)'
 'sulogv2'
 'kernel, ksud, manager: Remove enhanced security feature'
 (https://github.com/KernelSU-Next/KernelSU-Next/pull/1035/commits)
 'Explicitly check zygote start in execve hook'
 'selinux: Cache SID lookups for domain checks'
 'kernel: ksud: Refine rc injection'
 'kernel: supercalls: expose spoof uname function to userspace'
 'kernel: Fix setup_selinux using __task_cred directly'

-https://gitlab.com/simonpunk/susfs4ksu/-/tree/gki-android14-6.1
backslashxx added a commit to backslashxx/KernelSU that referenced this pull request Feb 23, 2026
@backslashxx
kernel: adapt "namespace support" feature to old kernels
243fa40 
TODO: add comments

devlog and shit
6d100ac
https://github.com/backslashxx/KernelSU/tree/384de6420b64850a4cf2abbb83171f151a851c7f
ximi-mojito-test/mojito_krenol@33ae97f
https://github.com/ximi-libra-test/android_kernel_xiaomi_libra/tree/52810d22428875cca163cb52fd2819120e0b8120

7866f4e *

upstream: tiann#2909

Signed-off-by: backslashxx <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aviraxp aviraxp aviraxp left review comments

Copilot code review Copilot Copilot left review comments

@5ec1cff 5ec1cff 5ec1cff approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@u9521 @tiann @5ec1cff @aviraxp